[vlc-commits] flac packetizer: validate frames with their CRC

Rafaël Carré git at videolan.org
Sat Nov 16 01:12:01 CET 2013


vlc | branch: master | Rafaël Carré <funman at videolan.org> | Sat Nov 16 00:39:33 2013 +0100| [f4f66b0f8a36035865fbaffb88be3d0140eac7c7] | committer: Rafaël Carré

flac packetizer: validate frames with their CRC

Fix #9442

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=f4f66b0f8a36035865fbaffb88be3d0140eac7c7
---

 modules/packetizer/flac.c |  126 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 124 insertions(+), 2 deletions(-)

diff --git a/modules/packetizer/flac.c b/modules/packetizer/flac.c
index a75a6d2..2f16717 100644
--- a/modules/packetizer/flac.c
+++ b/modules/packetizer/flac.c
@@ -87,6 +87,7 @@ struct decoder_sys_t
 
     int i_frame_length;
     size_t i_frame_size;
+    uint16_t crc;
     unsigned int i_rate, i_channels, i_bits_per_sample;
 };
 
@@ -242,6 +243,93 @@ static uint8_t flac_crc8(const uint8_t *data, unsigned len)
     return crc;
 }
 
+/* CRC-16, poly = x^16 + x^15 + x^2 + x^0, init = 0 */
+static const uint16_t flac_crc16_table[256] = {
+    0x0000,  0x8005,  0x800f,  0x000a,  0x801b,  0x001e,  0x0014,  0x8011,
+    0x8033,  0x0036,  0x003c,  0x8039,  0x0028,  0x802d,  0x8027,  0x0022,
+    0x8063,  0x0066,  0x006c,  0x8069,  0x0078,  0x807d,  0x8077,  0x0072,
+    0x0050,  0x8055,  0x805f,  0x005a,  0x804b,  0x004e,  0x0044,  0x8041,
+    0x80c3,  0x00c6,  0x00cc,  0x80c9,  0x00d8,  0x80dd,  0x80d7,  0x00d2,
+    0x00f0,  0x80f5,  0x80ff,  0x00fa,  0x80eb,  0x00ee,  0x00e4,  0x80e1,
+    0x00a0,  0x80a5,  0x80af,  0x00aa,  0x80bb,  0x00be,  0x00b4,  0x80b1,
+    0x8093,  0x0096,  0x009c,  0x8099,  0x0088,  0x808d,  0x8087,  0x0082,
+    0x8183,  0x0186,  0x018c,  0x8189,  0x0198,  0x819d,  0x8197,  0x0192,
+    0x01b0,  0x81b5,  0x81bf,  0x01ba,  0x81ab,  0x01ae,  0x01a4,  0x81a1,
+    0x01e0,  0x81e5,  0x81ef,  0x01ea,  0x81fb,  0x01fe,  0x01f4,  0x81f1,
+    0x81d3,  0x01d6,  0x01dc,  0x81d9,  0x01c8,  0x81cd,  0x81c7,  0x01c2,
+    0x0140,  0x8145,  0x814f,  0x014a,  0x815b,  0x015e,  0x0154,  0x8151,
+    0x8173,  0x0176,  0x017c,  0x8179,  0x0168,  0x816d,  0x8167,  0x0162,
+    0x8123,  0x0126,  0x012c,  0x8129,  0x0138,  0x813d,  0x8137,  0x0132,
+    0x0110,  0x8115,  0x811f,  0x011a,  0x810b,  0x010e,  0x0104,  0x8101,
+    0x8303,  0x0306,  0x030c,  0x8309,  0x0318,  0x831d,  0x8317,  0x0312,
+    0x0330,  0x8335,  0x833f,  0x033a,  0x832b,  0x032e,  0x0324,  0x8321,
+    0x0360,  0x8365,  0x836f,  0x036a,  0x837b,  0x037e,  0x0374,  0x8371,
+    0x8353,  0x0356,  0x035c,  0x8359,  0x0348,  0x834d,  0x8347,  0x0342,
+    0x03c0,  0x83c5,  0x83cf,  0x03ca,  0x83db,  0x03de,  0x03d4,  0x83d1,
+    0x83f3,  0x03f6,  0x03fc,  0x83f9,  0x03e8,  0x83ed,  0x83e7,  0x03e2,
+    0x83a3,  0x03a6,  0x03ac,  0x83a9,  0x03b8,  0x83bd,  0x83b7,  0x03b2,
+    0x0390,  0x8395,  0x839f,  0x039a,  0x838b,  0x038e,  0x0384,  0x8381,
+    0x0280,  0x8285,  0x828f,  0x028a,  0x829b,  0x029e,  0x0294,  0x8291,
+    0x82b3,  0x02b6,  0x02bc,  0x82b9,  0x02a8,  0x82ad,  0x82a7,  0x02a2,
+    0x82e3,  0x02e6,  0x02ec,  0x82e9,  0x02f8,  0x82fd,  0x82f7,  0x02f2,
+    0x02d0,  0x82d5,  0x82df,  0x02da,  0x82cb,  0x02ce,  0x02c4,  0x82c1,
+    0x8243,  0x0246,  0x024c,  0x8249,  0x0258,  0x825d,  0x8257,  0x0252,
+    0x0270,  0x8275,  0x827f,  0x027a,  0x826b,  0x026e,  0x0264,  0x8261,
+    0x0220,  0x8225,  0x822f,  0x022a,  0x823b,  0x023e,  0x0234,  0x8231,
+    0x8213,  0x0216,  0x021c,  0x8219,  0x0208,  0x820d,  0x8207,  0x0202
+};
+
+static uint16_t flac_crc16(uint16_t crc, uint8_t byte)
+{
+    return (crc << 8) ^ flac_crc16_table[(crc >> 8) ^ byte];
+}
+
+/* Gives the previous CRC value, before hashing last_byte through it */
+static uint16_t flac_crc16_undo(uint16_t crc, const uint8_t last_byte)
+{
+    /*
+     * Given a byte b, gives a position X in flac_crc16_table, such as:
+     *      flac_crc16_rev_table[flac_crc16_table[X] & 0xff] == X
+     * This works because flac_crc16_table[i] & 0xff yields 256 unique values.
+     */
+    static const uint8_t flac_crc16_rev_table[256] = {
+        0x00, 0x7f, 0xff, 0x80, 0x7e, 0x01, 0x81, 0xfe,
+        0xfc, 0x83, 0x03, 0x7c, 0x82, 0xfd, 0x7d, 0x02,
+        0x78, 0x07, 0x87, 0xf8, 0x06, 0x79, 0xf9, 0x86,
+        0x84, 0xfb, 0x7b, 0x04, 0xfa, 0x85, 0x05, 0x7a,
+        0xf0, 0x8f, 0x0f, 0x70, 0x8e, 0xf1, 0x71, 0x0e,
+        0x0c, 0x73, 0xf3, 0x8c, 0x72, 0x0d, 0x8d, 0xf2,
+        0x88, 0xf7, 0x77, 0x08, 0xf6, 0x89, 0x09, 0x76,
+        0x74, 0x0b, 0x8b, 0xf4, 0x0a, 0x75, 0xf5, 0x8a,
+        0x60, 0x1f, 0x9f, 0xe0, 0x1e, 0x61, 0xe1, 0x9e,
+        0x9c, 0xe3, 0x63, 0x1c, 0xe2, 0x9d, 0x1d, 0x62,
+        0x18, 0x67, 0xe7, 0x98, 0x66, 0x19, 0x99, 0xe6,
+        0xe4, 0x9b, 0x1b, 0x64, 0x9a, 0xe5, 0x65, 0x1a,
+        0x90, 0xef, 0x6f, 0x10, 0xee, 0x91, 0x11, 0x6e,
+        0x6c, 0x13, 0x93, 0xec, 0x12, 0x6d, 0xed, 0x92,
+        0xe8, 0x97, 0x17, 0x68, 0x96, 0xe9, 0x69, 0x16,
+        0x14, 0x6b, 0xeb, 0x94, 0x6a, 0x15, 0x95, 0xea,
+        0xc0, 0xbf, 0x3f, 0x40, 0xbe, 0xc1, 0x41, 0x3e,
+        0x3c, 0x43, 0xc3, 0xbc, 0x42, 0x3d, 0xbd, 0xc2,
+        0xb8, 0xc7, 0x47, 0x38, 0xc6, 0xb9, 0x39, 0x46,
+        0x44, 0x3b, 0xbb, 0xc4, 0x3a, 0x45, 0xc5, 0xba,
+        0x30, 0x4f, 0xcf, 0xb0, 0x4e, 0x31, 0xb1, 0xce,
+        0xcc, 0xb3, 0x33, 0x4c, 0xb2, 0xcd, 0x4d, 0x32,
+        0x48, 0x37, 0xb7, 0xc8, 0x36, 0x49, 0xc9, 0xb6,
+        0xb4, 0xcb, 0x4b, 0x34, 0xca, 0xb5, 0x35, 0x4a,
+        0xa0, 0xdf, 0x5f, 0x20, 0xde, 0xa1, 0x21, 0x5e,
+        0x5c, 0x23, 0xa3, 0xdc, 0x22, 0x5d, 0xdd, 0xa2,
+        0xd8, 0xa7, 0x27, 0x58, 0xa6, 0xd9, 0x59, 0x26,
+        0x24, 0x5b, 0xdb, 0xa4, 0x5a, 0x25, 0xa5, 0xda,
+        0x50, 0x2f, 0xaf, 0xd0, 0x2e, 0x51, 0xd1, 0xae,
+        0xac, 0xd3, 0x53, 0x2c, 0xd2, 0xad, 0x2d, 0x52,
+        0x28, 0x57, 0xd7, 0xa8, 0x56, 0x29, 0xa9, 0xd6,
+        0xd4, 0xab, 0x2b, 0x54, 0xaa, 0xd5, 0x55, 0x2a,
+    };
+    uint8_t idx = flac_crc16_rev_table[crc & 0xff];
+    return ((idx ^ last_byte) << 8) | ((crc ^ flac_crc16_table[idx]) >> 8);
+}
+
 /*****************************************************************************
  * SyncInfo: parse FLAC sync info
  *****************************************************************************/
@@ -484,6 +572,23 @@ static block_t *Packetize(decoder_t *p_dec, block_t **pp_block)
         p_sys->i_frame_size = p_sys->b_stream_info && p_sys->stream_info.min_framesize > 0 ?
                                                         p_sys->stream_info.min_framesize : 1;
 
+        /* Calculate the initial CRC for the minimal frame size,
+         * We'll update it as we look for the next start code. */
+        uint8_t *buf = malloc(p_sys->i_frame_size);
+        if (!buf)
+            return NULL;
+
+        if (block_PeekOffsetBytes(&p_sys->bytestream, 0, buf, p_sys->i_frame_size)) {
+            free(buf);
+            return NULL;
+        }
+
+        uint16_t crc = 0;
+        for (unsigned i = 0; i < p_sys->i_frame_size; i++)
+            crc = flac_crc16(crc, buf[i]);
+        free(buf);
+        p_sys->crc = crc;
+
     case STATE_NEXT_SYNC:
         /* TODO: If pp_block == NULL, flush the buffer without checking the
          * next sync word */
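Review bot: The temporary buffer is sized by `p_sys->i_frame_size`, which this hunk takes from `stream_info.min_framesize`, presumably a value read from the stream itself, so each pass through this code makes a heap allocation whose size the file chooses, only to hash the bytes and free them. Peeking through a small fixed stack buffer in chunks yields the same CRC without the allocation or the malloc failure path. Both `return NULL` exits leave `i_state` untouched as far as the hunk shows, so the header would be parsed again on the next call. The case label above and the rest of Packetize are outside the hunk, so that retry behaviour is worth confirming.

```c
        /* Calculate the initial CRC for the minimal frame size,
         * We'll update it as we look for the next start code. */
        uint16_t crc = 0;
        uint8_t chunk[256];
        for (size_t off = 0; off < p_sys->i_frame_size; ) {
            size_t n = p_sys->i_frame_size - off;
            if (n > sizeof(chunk))
                n = sizeof(chunk);
            /* Not enough data buffered yet: same outcome as the single peek */
            if (block_PeekOffsetBytes(&p_sys->bytestream, off, chunk, n))
                return NULL;
            for (size_t i = 0; i < n; i++)
                crc = flac_crc16(crc, chunk[i]);
            off += n;
        }
        p_sys->crc = crc;
```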
@@ -500,10 +605,25 @@ static block_t *Packetize(decoder_t *p_dec, block_t **pp_block)
                               &p_sys->i_bits_per_sample);
 
                 if (i_frame_length) {
-                    p_sys->i_state = STATE_SEND_DATA;
-                    break;
+                    uint8_t crc_bytes[2];
+                    block_PeekOffsetBytes(&p_sys->bytestream,
+                        p_sys->i_frame_size - 2, crc_bytes, 2);
+                    /* Get the frame CRC */
+                    uint16_t stream_crc = (crc_bytes[0] << 8) | crc_bytes[1];
+                    /* Calculate the frame CRC: remove the last 2 bytes */
+                    uint16_t crc = flac_crc16_undo(p_sys->crc, crc_bytes[1]);
+                             crc = flac_crc16_undo(crc,        crc_bytes[0]);
+                    if (stream_crc != crc) {
+                        msg_Warn(p_dec, "Bad CRC for frame size %zu: 0x%x != 0x%x",
+                            p_sys->i_frame_size, crc, stream_crc);
+                    } else {
+                        p_sys->i_state = STATE_SEND_DATA;
+                        p_sys->crc = 0;
+                        break;
+                    }
                 }
             }
+            p_sys->crc = flac_crc16(p_sys->crc, p_header[0]); /* update CRC */
             p_sys->i_frame_size++;
         }
 
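Review bot: The return value of `block_PeekOffsetBytes` into `crc_bytes` is not checked, and `p_sys->i_frame_size - 2` wraps around (the field is a `size_t`) when `i_frame_size` is below 2, which the previous hunk allows because it starts the size at 1 when no `min_framesize` is known. In that case the peek presumably fails, and `crc_bytes` is read uninitialised to build `stream_crc` and to undo the running CRC. Guarding with `if (p_sys->i_frame_size < 2 || block_PeekOffsetBytes(&p_sys->bytestream, p_sys->i_frame_size - 2, crc_bytes, 2))` and treating that case as "no frame boundary here", so that control falls through to the CRC update and `i_frame_size++`, keeps the scan well defined on short or truncated input. The enclosing loop and the start of Packetize are outside the hunk.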
@@ -511,6 +631,8 @@ static block_t *Packetize(decoder_t *p_dec, block_t **pp_block)
             if (p_sys->b_stream_info && p_sys->stream_info.max_framesize > 0 &&
                 p_sys->i_frame_size > p_sys->stream_info.max_framesize) {
                 block_SkipByte(&p_sys->bytestream);
+                msg_Warn(p_dec, "Frame is too big (%zu > %d), couldn't find start code",
+                        p_sys->i_frame_size, p_sys->stream_info.max_framesize);
                 p_sys->i_state = STATE_NOSYNC;
                 return NULL;
             }
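Review bot: `%d` is used for `p_sys->stream_info.max_framesize`, whose declaration is not in the hunk; if that field is unsigned the specifier should be `%u`, otherwise the format and argument types disagree. This warning, like the "Bad CRC" one added in the previous hunk, is triggered by conditions the stream content controls and may fire once per failed candidate, so a damaged or crafted file could produce a large volume of log output. `msg_Dbg` may be a better level for both. The enclosing `if` and loop start outside the hunk.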


